| |
| |||||||
Log-Analyse und Auswertung: Landespolizeidirection Schadsoftware - OTPle Logfile anbeiWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
16.10.2013, 09:34
| #1 |
| |  Landespolizeidirection Schadsoftware - OTPle Logfile anbei Hallo! Ich habe bei meinem XP-Rechner ein Problem: Wenn ich ihn starte erscheint "Landespolizeidirection Bundes..." + ein Bild eines Polizisten. Im Moment funktioniert nichts, ich benötige den Rechner aber zum Arbeiten. Hier das mittels OTPle erstellte Logfile. Ich bitte um eure Hilfe! Beste Grüße, manuel Code:
ATTFilter OTL logfile created on: 10/16/2013 11:41:27 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48.83 Gb Total Space | 12.64 Gb Free Space | 25.88% Space Free | Partition Type: NTFS
Drive D: | 184.05 Gb Total Space | 176.08 Gb Free Space | 95.67% Space Free | Partition Type: NTFS
Drive E: | 1.91 Gb Total Space | 1.90 Gb Free Space | 99.45% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2013/10/16 04:29:27 | 000,017,408 | ---- | M] () [Auto] -- C:\WINDOWS\system32\rpcnetp.exe -- (rpcnetp)
SRV - [2013/10/15 09:40:22 | 000,130,048 | ---- | M] () [On_Demand] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\7dlw446j.plz -- (winmgmt)
SRV - [2013/10/10 07:29:32 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/02 04:54:14 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/24 12:04:43 | 000,069,792 | ---- | M] (Absolute Software Corp.) [Auto] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2013/03/23 06:10:22 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/28 04:36:01 | 000,045,248 | ---- | M] (AVAST Software) [Auto] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/02/29 02:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/07/19 23:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/06/30 07:00:43 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 06:24:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/07/08 08:18:29 | 000,333,264 | ---- | M] () [Auto] -- C:\Programme\3DataManager\WTGService.exe -- (WTGService)
SRV - [2009/02/26 12:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Microsoft Officeneu\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/01/19 09:16:46 | 000,061,440 | ---- | M] (AuthenTec,Inc) [On_Demand] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2006/11/11 15:56:18 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto] -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/10/26 09:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (hwdatacard)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2013/02/28 04:36:37 | 000,765,808 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/02/28 04:36:37 | 000,368,248 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/02/28 04:36:37 | 000,163,784 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/02/28 04:36:37 | 000,062,448 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/02/28 04:36:36 | 000,066,408 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/02/28 04:36:36 | 000,049,832 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/02/28 04:36:36 | 000,049,320 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/02/28 04:36:35 | 000,029,880 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/05/18 19:21:45 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2012/05/18 19:21:45 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2012/05/18 19:21:45 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2012/05/18 19:21:45 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2011/06/30 07:00:44 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/30 07:00:44 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/10/26 15:13:13 | 000,108,768 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ACEDRV08.sys -- (ACEDRV08)
DRV - [2009/05/11 03:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/11/19 11:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/19 11:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/19 11:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/04/30 00:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/04/10 09:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/02/16 09:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/01/30 12:57:00 | 004,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/13 04:41:20 | 000,862,922 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/10/30 04:52:18 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/10/30 04:52:04 | 000,329,901 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/10/30 04:51:40 | 000,067,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/10/30 04:51:30 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/10/30 04:51:24 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Manuel_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKU\Manuel_ON_C\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\Manuel_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\Manuel_ON_C\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
IE - HKU\Manuel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\Alwil Software\Avast5\WebRep\FF [2013/03/05 13:15:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013/10/02 04:54:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013/10/13 10:01:37 | 000,000,000 | ---D | M]
[2013/10/02 04:54:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013/10/02 04:54:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/02 04:53:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013/10/02 04:54:15 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2012/11/14 14:47:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Officeneu\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O3 - HKU\Manuel_ON_C\..\Toolbar\ShellBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\Manuel_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\Manuel_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\Manuel_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\Manuel_ON_C\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Programme\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Programme\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [GrooveMonitor] C:\Programme\Microsoft Officeneu\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Philips Device Listener] C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Manuel_ON_C..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk = C:\Programme\3DataManager\3DataManager_Launcher.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Philips Geräte-Manager.lnk = C:\Programme\Philips\SA28XX Device Manager\main.exe (KeenHigh Tech.)
O4 - Startup: C:\Dokumente und Einstellungen\Manuel\Startmenü\Programme\Autostart\ac'tivAid.lnk = C:\Programme\ac'tivAid\ac'tivAid.ahk ()
O4 - Startup: C:\Dokumente und Einstellungen\Manuel\Startmenü\Programme\Autostart\j644wld7.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Manuel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Manuel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Manuel_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Officeneu\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Officeneu\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Officeneu\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Officeneu\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Officeneu\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/09 15:20:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/10/02 04:53:59 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
========== Files - Modified Within 30 Days ==========
[2013/10/16 04:29:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/16 04:29:27 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2013/10/15 11:50:52 | 095,025,368 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\j644wld7.pff
[2013/10/15 11:50:46 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\j644wld7.ctrl
[2013/10/15 11:50:39 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2013/10/15 11:50:27 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2013/10/15 11:50:11 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/10/15 11:49:46 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2013/10/15 11:49:41 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/15 11:49:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/15 10:00:59 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/15 09:40:26 | 000,000,808 | ---- | M] () -- C:\Dokumente und Einstellungen\Manuel\Startmenü\Programme\Autostart\j644wld7.lnk
[2013/10/15 09:40:22 | 000,130,048 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7dlw446j.plz
[2013/10/15 09:29:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/15 09:10:07 | 000,001,480 | ---- | M] () -- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2013/10/15 09:10:07 | 000,001,468 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Opera.lnk
[2013/10/10 07:29:32 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/10/10 07:29:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/10/02 06:27:30 | 000,002,533 | ---- | M] () -- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2013/10/02 05:49:16 | 000,259,338 | ---- | M] () -- C:\Dokumente und Einstellungen\Manuel\Desktop\2 Kirchstetterngasse 47.pdf
[2013/10/02 05:48:47 | 000,635,994 | ---- | M] () -- C:\Dokumente und Einstellungen\Manuel\Desktop\1 Kirchstettergassen 47.pdf
[2013/10/02 05:28:09 | 000,001,804 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk
[2013/10/02 05:28:09 | 000,001,720 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
========== Files Created - No Company Name ==========
[2013/10/15 09:40:26 | 000,000,808 | ---- | C] () -- C:\Dokumente und Einstellungen\Manuel\Startmenü\Programme\Autostart\j644wld7.lnk
[2013/10/15 09:40:25 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\j644wld7.ctrl
[2013/10/15 09:40:23 | 095,025,368 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\j644wld7.pff
[2013/10/15 09:40:22 | 000,130,048 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7dlw446j.plz
[2013/10/15 09:10:07 | 000,001,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2013/10/15 09:10:07 | 000,001,468 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Opera.lnk
[2013/10/02 05:49:16 | 000,259,338 | ---- | C] () -- C:\Dokumente und Einstellungen\Manuel\Desktop\2 Kirchstetterngasse 47.pdf
[2013/10/02 05:48:46 | 000,635,994 | ---- | C] () -- C:\Dokumente und Einstellungen\Manuel\Desktop\1 Kirchstettergassen 47.pdf
[2013/10/02 05:28:09 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk
[2013/10/02 05:28:09 | 000,001,720 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[2013/03/05 13:15:42 | 000,163,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/05 13:15:42 | 000,049,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012/11/14 14:32:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/11/14 14:32:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/11/14 14:32:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/11/14 14:32:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/11/14 14:32:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/11/07 14:08:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/22 12:12:02 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2012/03/14 15:19:14 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\rockusbCoInstaller.dll
[2012/01/13 06:52:46 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2012/01/13 06:51:31 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/10/26 15:10:03 | 000,016,070 | ---- | C] () -- C:\WINDOWS\German2.ini
[2010/03/03 16:04:51 | 000,870,544 | ---- | C] () -- C:\WINDOWS\PlagiarismFinder 2.0 Uninstaller.exe
[2008/12/16 09:24:13 | 000,000,309 | ---- | C] () -- C:\WINDOWS\ArcView9x.INI
[2008/11/23 15:13:41 | 000,179,231 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2008/11/23 15:13:41 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2008/11/21 08:24:04 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2008/09/22 02:59:37 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2008/09/22 02:59:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2008/09/20 05:38:36 | 000,036,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Manuel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/09 19:19:55 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2008/09/09 19:19:53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/09/09 17:16:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/09/09 16:15:19 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/09 15:34:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/09/09 15:25:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/09/09 15:17:39 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/09/08 22:09:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/08 22:08:30 | 000,323,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/05/09 19:39:28 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\CNCFLdNL.DLL
[2007/02/26 07:34:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2007/02/26 06:59:12 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/11/11 15:50:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/03 19:12:38 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/03 18:57:24 | 001,868,944 | ---- | C] () -- C:\WINDOWS\System32\RSA32_16.DLL
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/08/29 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 08:00:00 | 000,452,480 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2002/08/29 08:00:00 | 000,435,594 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2002/08/29 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 08:00:00 | 000,081,498 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2002/08/29 08:00:00 | 000,068,490 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2002/08/29 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
========== LOP Check ==========
[2011/03/28 16:46:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\3DataManager
[2013/06/15 19:03:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\3DataManager
[2012/01/16 09:00:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\Ashampoo
[2011/03/31 07:36:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\Canon
[2013/03/23 19:43:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\DVDVideoSoft
[2013/01/08 13:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\DVDVideoSoftIEHelpers
[2009/03/05 05:32:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\ESRI
[2009/07/10 07:34:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\GrabPro
[2013/01/08 13:52:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\OpenCandy
[2013/10/15 09:10:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\Opera
[2012/05/27 06:30:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\Oracle
[2009/07/19 16:55:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\Orbit
[2012/03/14 15:19:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\Philips-Songbird
[2010/03/03 16:04:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\PlagiarismFinder
[2013/10/15 09:53:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\PriceGong
[2010/03/18 07:56:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2012/01/16 08:59:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2011/01/26 08:31:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011/09/02 13:34:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Caphyon
[2008/12/16 05:05:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESRI
[2010/03/03 16:04:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlagiarismFinder
[2012/03/14 15:18:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{F0489EF2-D393-4114-85BA-A94D71D89543}
[2013/10/15 11:50:11 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2013/10/15 11:49:46 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
========== Purity Check ==========
< End of report >
|
| Themen zu Landespolizeidirection Schadsoftware - OTPle Logfile anbei |
| antivirus, askbar, avira, bho, browser, desktop, einstellungen, flash player, homepage, mozilla, nodrives, plug-in, polizeivirus, pup.optional.conduit, pup.optional.conduit.a, pup.optional.opencandy, pup.optional.pricegong.a, realtek, registry, scan, security, senden, server, software, trojan.ransom.ed, trojaner, windows, windows xp, xp-rechner |
Baum-Darstellung